Rebase to new gs version (#2008146)
This commit is contained in:
parent
d4969749f8
commit
d2d57e551c
1
.gitignore
vendored
1
.gitignore
vendored
@ -59,3 +59,4 @@ ghostscript-8.71.tar.xz
|
||||
/ghostscript-9.53.1.tar.xz
|
||||
/ghostscript-9.53.3.tar.xz
|
||||
/ghostscript-9.54.0.tar.xz
|
||||
/ghostscript-9.55.0.tar.xz
|
||||
|
@ -1,46 +0,0 @@
|
||||
diff --git a/devices/vector/gdevtxtw.c b/devices/vector/gdevtxtw.c
|
||||
index c6b95ed5b..f103d598b 100644
|
||||
--- a/devices/vector/gdevtxtw.c
|
||||
+++ b/devices/vector/gdevtxtw.c
|
||||
@@ -1982,16 +1982,26 @@ textw_text_release(gs_text_enum_t *pte, client_name_t cname)
|
||||
gx_device_txtwrite_t *const tdev = (gx_device_txtwrite_t *) pte->dev;
|
||||
|
||||
/* Free the working buffer where the Unicode was assembled from the enumerated text */
|
||||
- if (penum->TextBuffer)
|
||||
+ if (penum->TextBuffer) {
|
||||
gs_free(tdev->memory, penum->TextBuffer, 1, penum->TextBufferIndex, "txtwrite free temporary text buffer");
|
||||
- if (penum->Widths)
|
||||
+ penum->TextBuffer = NULL;
|
||||
+ }
|
||||
+ if (penum->Widths) {
|
||||
gs_free(tdev->memory, penum->Widths, sizeof(float), pte->text.size, "txtwrite free temporary widths array");
|
||||
- if (penum->Advs)
|
||||
+ penum->Widths = NULL;
|
||||
+ }
|
||||
+ if (penum->Advs) {
|
||||
gs_free(tdev->memory, penum->Advs, 1, penum->TextBufferIndex, "txtwrite free temporary text buffer");
|
||||
- if (penum->GlyphWidths)
|
||||
+ penum->Advs = NULL;
|
||||
+ }
|
||||
+ if (penum->GlyphWidths) {
|
||||
gs_free(tdev->memory, penum->GlyphWidths, 1, penum->TextBufferIndex, "txtwrite free temporary text buffer");
|
||||
- if (penum->SpanDeltaX)
|
||||
+ penum->GlyphWidths = NULL;
|
||||
+ }
|
||||
+ if (penum->SpanDeltaX) {
|
||||
gs_free(tdev->memory, penum->SpanDeltaX, 1, penum->TextBufferIndex, "txtwrite free temporary text buffer");
|
||||
+ penum->SpanDeltaX = NULL;
|
||||
+ }
|
||||
/* If this is copied away when we complete the text enumeration succesfully, then
|
||||
* we set the pointer to NULL, if we get here with it non-NULL , then there was
|
||||
* an error.
|
||||
@@ -2008,6 +2018,7 @@ textw_text_release(gs_text_enum_t *pte, client_name_t cname)
|
||||
if (penum->text_state->FontName)
|
||||
gs_free(tdev->memory, penum->text_state->FontName, 1, penum->TextBufferIndex, "txtwrite free temporary font name copy");
|
||||
gs_free(tdev->memory, penum->text_state, 1, sizeof(penum->text_state), "txtwrite free text state");
|
||||
+ penum->text_state = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.17.1
|
@ -1,208 +0,0 @@
|
||||
diff --git a/base/gdevpipe.c b/base/gdevpipe.c
|
||||
index 96d71f5d81..752a2f1d94 100644
|
||||
--- a/base/gdevpipe.c
|
||||
+++ b/base/gdevpipe.c
|
||||
@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access,
|
||||
#else
|
||||
gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
|
||||
gs_fs_list_t *fs = ctx->core->fs;
|
||||
+ /* The pipe device can be reached in two ways, explicltly with %pipe%
|
||||
+ or implicitly with "|", so we have to check for both
|
||||
+ */
|
||||
+ char f[gp_file_name_sizeof];
|
||||
+ const char *pipestr = "|";
|
||||
+ const size_t pipestrlen = strlen(pipestr);
|
||||
+ int code1;
|
||||
+ const size_t preflen = strlen(iodev->dname);
|
||||
+ const size_t nlen = strlen(fname);
|
||||
+
|
||||
+ if (preflen + nlen >= gp_file_name_sizeof)
|
||||
+ return_error(gs_error_invalidaccess);
|
||||
+
|
||||
+ memcpy(f, iodev->dname, preflen);
|
||||
+ memcpy(f + preflen, fname, nlen + 1);
|
||||
+
|
||||
+ code1 = gp_validate_path(mem, f, access);
|
||||
+
|
||||
+ memcpy(f, pipestr, pipestrlen);
|
||||
+ memcpy(f + pipestrlen, fname, nlen + 1);
|
||||
|
||||
- if (gp_validate_path(mem, fname, access) != 0)
|
||||
+ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 )
|
||||
return gs_error_invalidfileaccess;
|
||||
|
||||
/*
|
||||
diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c
|
||||
index 2b964ed749..8d87ceadc0 100644
|
||||
--- a/base/gp_mshdl.c
|
||||
+++ b/base/gp_mshdl.c
|
||||
@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access,
|
||||
long hfile; /* Correct for Win32, may be wrong for Win64 */
|
||||
gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
|
||||
gs_fs_list_t *fs = ctx->core->fs;
|
||||
+ char f[gp_file_name_sizeof];
|
||||
+ const size_t preflen = strlen(iodev->dname);
|
||||
+ const size_t nlen = strlen(fname);
|
||||
|
||||
- if (gp_validate_path(mem, fname, access) != 0)
|
||||
+ if (preflen + nlen >= gp_file_name_sizeof)
|
||||
+ return_error(gs_error_invalidaccess);
|
||||
+
|
||||
+ memcpy(f, iodev->dname, preflen);
|
||||
+ memcpy(f + preflen, fname, nlen + 1);
|
||||
+
|
||||
+ if (gp_validate_path(mem, f, access) != 0)
|
||||
return gs_error_invalidfileaccess;
|
||||
|
||||
/* First we try the open_handle method. */
|
||||
diff --git a/base/gp_msprn.c b/base/gp_msprn.c
|
||||
index ed48279685..746a974f78 100644
|
||||
--- a/base/gp_msprn.c
|
||||
+++ b/base/gp_msprn.c
|
||||
@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
|
||||
uintptr_t *ptid = &((tid_t *)(iodev->state))->tid;
|
||||
gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
|
||||
gs_fs_list_t *fs = ctx->core->fs;
|
||||
+ const size_t preflen = strlen(iodev->dname);
|
||||
+ const size_t nlen = strlen(fname);
|
||||
|
||||
- if (gp_validate_path(mem, fname, access) != 0)
|
||||
+ if (preflen + nlen >= gp_file_name_sizeof)
|
||||
+ return_error(gs_error_invalidaccess);
|
||||
+
|
||||
+ memcpy(pname, iodev->dname, preflen);
|
||||
+ memcpy(pname + preflen, fname, nlen + 1);
|
||||
+
|
||||
+ if (gp_validate_path(mem, pname, access) != 0)
|
||||
return gs_error_invalidfileaccess;
|
||||
|
||||
/* First we try the open_printer method. */
|
||||
diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c
|
||||
index f852c71fc8..ba54cde66f 100644
|
||||
--- a/base/gp_os2pr.c
|
||||
+++ b/base/gp_os2pr.c
|
||||
@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
|
||||
FILE ** pfile, char *rfname, uint rnamelen)
|
||||
{
|
||||
os2_printer_t *pr = (os2_printer_t *)iodev->state;
|
||||
- char driver_name[256];
|
||||
+ char driver_name[gp_file_name_sizeof];
|
||||
gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
|
||||
gs_fs_list_t *fs = ctx->core->fs;
|
||||
+ const size_t preflen = strlen(iodev->dname);
|
||||
+ const int size_t = strlen(fname);
|
||||
+
|
||||
+ if (preflen + nlen >= gp_file_name_sizeof)
|
||||
+ return_error(gs_error_invalidaccess);
|
||||
+
|
||||
+ memcpy(driver_name, iodev->dname, preflen);
|
||||
+ memcpy(driver_name + preflen, fname, nlen + 1);
|
||||
+
|
||||
+ if (gp_validate_path(mem, driver_name, access) != 0)
|
||||
+ return gs_error_invalidfileaccess;
|
||||
|
||||
/* First we try the open_printer method. */
|
||||
/* Note that the loop condition here ensures we don't
|
||||
diff --git a/base/gslibctx.c b/base/gslibctx.c
|
||||
index 6dfed6cd5a..318039fad0 100644
|
||||
--- a/base/gslibctx.c
|
||||
+++ b/base/gslibctx.c
|
||||
@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s)
|
||||
int
|
||||
gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname)
|
||||
{
|
||||
- char *fp, f[gp_file_name_sizeof];
|
||||
- const int pipe = 124; /* ASCII code for '|' */
|
||||
- const int len = strlen(fname);
|
||||
- int i, code;
|
||||
+ char f[gp_file_name_sizeof];
|
||||
+ int code;
|
||||
|
||||
/* Be sure the string copy will fit */
|
||||
- if (len >= gp_file_name_sizeof)
|
||||
+ if (strlen(fname) >= gp_file_name_sizeof)
|
||||
return gs_error_rangecheck;
|
||||
strcpy(f, fname);
|
||||
- fp = f;
|
||||
/* Try to rewrite any %d (or similar) in the string */
|
||||
rewrite_percent_specifiers(f);
|
||||
- for (i = 0; i < len; i++) {
|
||||
- if (f[i] == pipe) {
|
||||
- fp = &f[i + 1];
|
||||
- /* Because we potentially have to check file permissions at two levels
|
||||
- for the output file (gx_device_open_output_file and the low level
|
||||
- fopen API, if we're using a pipe, we have to add both the full string,
|
||||
- (including the '|', and just the command to which we pipe - since at
|
||||
- the pipe_fopen(), the leading '|' has been stripped.
|
||||
- */
|
||||
- code = gs_add_control_path(mem, gs_permit_file_writing, f);
|
||||
- if (code < 0)
|
||||
- return code;
|
||||
- code = gs_add_control_path(mem, gs_permit_file_control, f);
|
||||
- if (code < 0)
|
||||
- return code;
|
||||
- break;
|
||||
- }
|
||||
- if (!IS_WHITESPACE(f[i]))
|
||||
- break;
|
||||
- }
|
||||
- code = gs_add_control_path(mem, gs_permit_file_control, fp);
|
||||
+
|
||||
+ code = gs_add_control_path(mem, gs_permit_file_control, f);
|
||||
if (code < 0)
|
||||
return code;
|
||||
- return gs_add_control_path(mem, gs_permit_file_writing, fp);
|
||||
+ return gs_add_control_path(mem, gs_permit_file_writing, f);
|
||||
}
|
||||
|
||||
int
|
||||
gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname)
|
||||
{
|
||||
- char *fp, f[gp_file_name_sizeof];
|
||||
- const int pipe = 124; /* ASCII code for '|' */
|
||||
- const int len = strlen(fname);
|
||||
- int i, code;
|
||||
+ char f[gp_file_name_sizeof];
|
||||
+ int code;
|
||||
|
||||
/* Be sure the string copy will fit */
|
||||
- if (len >= gp_file_name_sizeof)
|
||||
+ if (strlen(fname) >= gp_file_name_sizeof)
|
||||
return gs_error_rangecheck;
|
||||
strcpy(f, fname);
|
||||
- fp = f;
|
||||
/* Try to rewrite any %d (or similar) in the string */
|
||||
- for (i = 0; i < len; i++) {
|
||||
- if (f[i] == pipe) {
|
||||
- fp = &f[i + 1];
|
||||
- /* Because we potentially have to check file permissions at two levels
|
||||
- for the output file (gx_device_open_output_file and the low level
|
||||
- fopen API, if we're using a pipe, we have to add both the full string,
|
||||
- (including the '|', and just the command to which we pipe - since at
|
||||
- the pipe_fopen(), the leading '|' has been stripped.
|
||||
- */
|
||||
- code = gs_remove_control_path(mem, gs_permit_file_writing, f);
|
||||
- if (code < 0)
|
||||
- return code;
|
||||
- code = gs_remove_control_path(mem, gs_permit_file_control, f);
|
||||
- if (code < 0)
|
||||
- return code;
|
||||
- break;
|
||||
- }
|
||||
- if (!IS_WHITESPACE(f[i]))
|
||||
- break;
|
||||
- }
|
||||
- code = gs_remove_control_path(mem, gs_permit_file_control, fp);
|
||||
+ rewrite_percent_specifiers(f);
|
||||
+
|
||||
+ code = gs_remove_control_path(mem, gs_permit_file_control, f);
|
||||
if (code < 0)
|
||||
return code;
|
||||
- return gs_remove_control_path(mem, gs_permit_file_writing, fp);
|
||||
+ return gs_remove_control_path(mem, gs_permit_file_writing, f);
|
||||
}
|
||||
|
||||
int
|
||||
--
|
||||
2.17.1
|
||||
|
18
ghostscript-9.55-fix-typo-in-gsicc-lcms2.patch
Normal file
18
ghostscript-9.55-fix-typo-in-gsicc-lcms2.patch
Normal file
@ -0,0 +1,18 @@
|
||||
base/gsicc_lcms2.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/base/gsicc_lcms2.c b/base/gsicc_lcms2.c
|
||||
index ccf1d7051..9badb6dee 100644
|
||||
--- a/base/gsicc_lcms2.c
|
||||
+++ b/base/gsicc_lcms2.c
|
||||
@@ -462,7 +462,7 @@ int
|
||||
gscms_transform_color(gx_device *dev, gsicc_link_t *icclink, void *inputcolor,
|
||||
void *outputcolor, int num_bytes)
|
||||
{
|
||||
- return gscms_transformm_color_const(dev, icclink, inputcolor, outputcolor, num_bytes);
|
||||
+ return gscms_transform_color_const(dev, icclink, inputcolor, outputcolor, num_bytes);
|
||||
}
|
||||
|
||||
int
|
||||
--
|
||||
2.33.0
|
@ -44,8 +44,8 @@
|
||||
|
||||
Name: ghostscript
|
||||
Summary: Interpreter for PostScript language & PDF
|
||||
Version: 9.54.0
|
||||
Release: 4%{?dist}
|
||||
Version: 9.55.0
|
||||
Release: 1%{?dist}
|
||||
|
||||
License: AGPLv3+
|
||||
|
||||
@ -103,8 +103,7 @@ BuildRequires: make
|
||||
# Upstream patches -- official upstream patches released by upstream since the
|
||||
# ---------------- last rebase that are necessary for any reason:
|
||||
#Patch000: example000.patch
|
||||
Patch001: ghostscript-9.54.0-gdevtxtw-null-also-pointers.patch
|
||||
Patch002: ghostscript-9.54.0-include-pipe-handle-in-validation.patch
|
||||
Patch001: ghostscript-9.55-fix-typo-in-gsicc-lcms2.patch
|
||||
|
||||
# Downstream patches -- these should be always included when doing rebase:
|
||||
# ------------------
|
||||
@ -435,6 +434,9 @@ done
|
||||
# =============================================================================
|
||||
|
||||
%changelog
|
||||
* Mon Oct 11 2021 Richard Lescak <rlescak@redhat.com> - 9.55.0-1
|
||||
- Rebase to new gs version (#2008146)
|
||||
|
||||
* Wed Sep 09 2021 Richard Lescak <rlescak@redhat.com> - 9.54.0-4
|
||||
- Added patch for a bug (#1989084) and CVE-2021-3781 (#2003085)
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (ghostscript-9.54.0.tar.xz) = a3c96925f4dbf5e276fc543b88df185a0435c68166db15ac532094329ba8db314d739a292da18be7954daaafeeb290e641ea03edf888854d7e752998ec6062cc
|
||||
SHA512 (ghostscript-9.55.0.tar.xz) = 42c7e05ba72e9fdd626c5412187b13fc3c9459cae57dfe49ddd3011bf4e2cbd10bc88f09068a9f777c2ec6ae881cd737fd700ab62ec5108f2aca69152588f38e
|
||||
|
Loading…
Reference in New Issue
Block a user